Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom

A number of iOS and Mac users in Australia are reporting a growing issue on Apple's support forums (via The Age) in which hackers are locking iPhones, iPads and Macs remotely through iCloud. Compromised devices are also displaying warning messages offering unlocks for money.

A hacker's message on a compromised iMac (via The Age)

Member veritylikestea on Apple Support Communities:

i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR to return them to me.

Member Sei_L on Apple's forums also reports a similar message:

Same things here, both iPads got the "hacked by Oleg Pliss" message, both have passcodes. In Western Australia also. I've chatted with Apple Chat and they said "this is very serious." They've set up a phone call back from the correct department (whoever they are) tomorrow morning so we'll see what happens then. We can access the iPads because they both had passcodes but when an app is used, it comes up with GameCentre password request; we didn't put it in.

IT security expert Troy Hunt commented on the specifics of the issue, stating that the hackers are likely using compromised data exposed in recent security breaches to log in to iCloud accounts. Hunt also notes that the hacked accounts were likely not using two-step verification, suggesting that a password alone would not have granted access had the feature been turned on.

Apple has yet to officially comment on the issue, although users are encouraged to turn on two-step verification for their Apple ID with directions available on a support page.

Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks them. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hacked - $1,000 fine would be a good incentive to stop people from being idiots.

There should also be a fine for presumptuous posts made by idiots who think they're somehow superior to people they know nothing about.

Untold misery?.. drama queen or what.. u have to change a password.. whooppee doo.... Try having no shoes, and the nearest well is 10km away... Surrounded by wild animals.. jeez....

It sounds like you have a tough life, but hacking is definitely no joke, and the estimates of the global cost of that to businesses large and small range from hundreds of billions to $1 trillion annually, and guess who's paying for that in the end? And that's not mentioning resulting job losses, or the inconvenience caused to millions of people, when essential servers are down.
Feel free to scan thru a small sampling of links below, re the impact and cost of hacking.

What has likely happened is the person(s) that have been affected used their icloud.com email address to sign up to another website that was recently hacked (like eBay). Then, they used the same password for eBay that they use for their iCloud account.

So all the "hacker" is really doing is getting a hold of the dump of username/passwords, sorting for commonly used services (icloud.com, gmail.com, yahoo.com, etc), then simply trying the password to see if it lets them in.

No real "hacking" is likely happening here.
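The password-reuse scenario described in the comment above, together with Hunt's point about two-step verification, seen from the service operator's side; this is an added example, not part of the original article or comments. It checks a third-party breach dump against the operator's own salted password hashes and picks a response per account. The account layout, PBKDF2 parameters, action names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier the way this hypothetical service does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_account(password: str, two_step: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "two_step": two_step}


def find_reused_credentials(accounts: dict, dump: list) -> dict:
    """Return {email: action} for accounts whose current password is in the dump."""
    actions = {}
    for email, leaked_password in dump:
        key = email.strip().lower()
        account = accounts.get(key)
        if account is None:
            continue  # dump row does not belong to one of our users
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            # Without two-step verification the leaked password alone is enough.
            actions[key] = "force_reset" if account["two_step"] else "lock_and_force_reset"
    return actions


# Constructed sample data: our user table and a third-party breach dump.
ACCOUNTS = {
    "alice@example.com": make_account("Summer2014!", two_step=False),
    "bob@example.com": make_account("correct horse battery", two_step=False),
    "carol@example.com": make_account("hunter2", two_step=True),
}
BREACH_DUMP = [
    ("Alice@example.com", "Summer2014!"),  # reused password, no two-step
    ("bob@example.com", "bobs-old-pass"),  # our user, but a different password
    ("carol@example.com", "hunter2"),      # reused, two-step enabled
    ("dave@example.net", "letmein"),       # not one of our accounts
]

if __name__ == "__main__":
    print(find_reused_credentials(ACCOUNTS, BREACH_DUMP))
```

Only dump rows whose email matches an existing account are hashed, each with that account's own salt, so the cost is one key derivation per matching row.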

No, that is not what happened. My friend had a very strong password that was only ever used for iCloud, and was hacked.

It was not from another website, and the password was not vulnerable to dictionary attacks.

Initially Apple said they were aware that someone is hacking Find my iPhone and there was no solution yet.

We could not find any way around it, every device linked to her iCloud account was bricked. I'm guessing thousands of people were affected by this, probably all simultaneously. Everyone seems to have been hit at about the same time in the morning (4am or so).

9 hours later Apple called back and walked through the (complicated and not always possible) process of bypassing the "lost phone" password and restoring a backup. She didn't lose any data, but it sounded like some people will lose data because of this.

Since it seems to depend what country you purchased the phone in, I wonder if some vulnerability involving a database of hardware serial numbers was used for the attack.

Some people have also suggested a nationwide ISP based man in the middle attack, apparently a recent version of iTunes was vulnerable to this?
